erichard/cloudfront-proxies-bundle

Trusts the AWS Cloudfront proxies IP in your Symfony projects

Installs: 12 614

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 4

Forks: 2

Open Issues: 0

Type:symfony-bundle

1.0.0 2021-12-16 13:47 UTC

This package is auto-updated.

Last update: 2024-11-16 21:04:47 UTC


README

The bundle automatically register all Cloudfront IP range to the list of the trusted proxies.

The IP range is downloaded from AWS : https://ip-ranges.amazonaws.com/ip-ranges.json

These IPs are cached for one hour by default.

Configuration

Check the default configuration below.

# config/packages/erichard_cloudfront_proxies.yaml

erichard_cloudfront_proxies:
  expire: 3600
  cache: cache.app
  ip_range_url: https://ip-ranges.amazonaws.com/ip-ranges.json

Note

The IP list is only downloaded when the request contains a Cloudfront-Forwarded-Proto header. According to the AWS documentation this header is not sent by default so you need to configure your Cloudfront distribution properly.

The bundle also take care of setting back the X-Forwarded-Proto header based on Cloudfront-Forwarded-Proto.